I have installed the new version of WSO2 Identity Server, v.5.3.0.
When I try to create a new tenant I get exceptions:
TID: [-1234] [] [2017-01-19 16:54:17,102] ERROR {org.wso2.carbon.stratos.common.util.ClaimsMgtUtil} - Unable to retrieve the claim for the given tenant
org.wso2.carbon.user.core.UserStoreException: org.wso2.carbon.user.core.UserStoreException: Mapped attribute cannot be found for claim : http://wso2.org/claims/lastname in user store : PRIMARY
These claims exist in DB. There is new structure in DB of claim tables.
In version 5.2 there weren't any problems in this part.
I suppose that new user (admin of tenant) can't be created.
A simple other user through "Add User" can be created properly.
We have different data sources for user management and identities (WSO2_UM and WSO2_AM). The new claims structure is in WSO2_AM. Maybe this is the reason for the problems?
This problem is very, very important for us.
Maybe we have come back to version 5.2?
The problem was resolved. I'm very sorry for my mistakes.
There was one mistake in configuration files.
I created a user (testinguser) in WSO2 Identity Server version 5.10.0 and deleted them afterwards because I had created them in the primary user store, yet I wanted to add them to the secondary user store (MySQL).
However, when I try to add the user with any name, I am getting the error "Could not add user wso2is/renault. Error: Error while persisting user : renault", yet renault is not created as a user.
I also see this in the logs
[2020-04-25 00:18:19,727] [2f2cdf35-4c34-447e-9ffa-c14490a7e101] ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient} - Error while persisting user : renault org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException: UserAdminUserAdminException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAcc
You have used JDBCUserStoreManager as the User Store Manager Class when adding the new user store. Select UniqueIDJDBCUserStoreManager instead.
As described in the documentation,
From WSO2 IS 5.10.0 onwards, all user store managers have UniqueID included as part of the user store manager name. The user store managers that do not have UniqueID as part of the user store manager name are only available for backward compatibility purposes and can only be used if you are migrating from a previous version of WSO2 Identity Server.
Refer: Configuring Secondary User Stores
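A check for the situation this answer describes, as an added example that is not part of the original answer or of WSO2's code: it reads a user store definition and reports a manager class that lacks the UniqueID prefix, deriving the replacement name by adding that prefix. The sample XML is constructed, and the `<UserStoreManager class="...">` layout with a `DomainName` property is an assumption about the file format.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a secondary user store definition (assumed layout:
# a <UserStoreManager class="..."> element with <Property> children).
SAMPLE_LEGACY = """<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
  <Property name="DomainName">WSO2IS</Property>
  <Property name="driverName">com.mysql.jdbc.Driver</Property>
</UserStoreManager>"""

# Same definition after selecting the UniqueID manager class.
SAMPLE_UNIQUE = SAMPLE_LEGACY.replace("JDBCUserStoreManager",
                                      "UniqueIDJDBCUserStoreManager")


def check_user_store(xml_text):
    """Return (domain, class_name, suggestion).

    suggestion is None when the manager class already carries the UniqueID
    prefix; otherwise it is the class name with that prefix added.
    """
    root = ET.fromstring(xml_text)
    # Accept the element as the root or nested inside a larger config file.
    node = root if root.tag == "UserStoreManager" else root.find(".//UserStoreManager")
    if node is None:
        raise ValueError("no <UserStoreManager> element found")
    class_name = node.get("class", "")
    # Assumption: a definition without a DomainName property is the primary store.
    domain = next((p.text for p in node.findall("Property")
                   if p.get("name") == "DomainName"), "PRIMARY")
    package, _, simple = class_name.rpartition(".")
    if simple.startswith("UniqueID"):
        return domain, class_name, None
    suggestion = ".".join(filter(None, [package, "UniqueID" + simple]))
    return domain, class_name, suggestion


if __name__ == "__main__":
    for sample in (SAMPLE_LEGACY, SAMPLE_UNIQUE):
        domain, cls, fix = check_user_store(sample)
        print(domain, cls, "->", fix or "ok")
```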
org.wso2.carbon.identity.user.profile.stub.UserProfileMgtServiceUserProfileExceptionException: UserProfileMgtServiceUserProfileExceptionException
[-1234] [2020-04-14 21:31:12,382] [ab3af6fb-69bc-44fd-8cb5-46cb06dd3cc4] INFO {AUDIT_LOG} - Initiator=MASONITE/admin#carbon.super Action=Get-User-List Target=null Data={"Claim Value":"d939fee0-7cc5-11ea-ad7e-42010af00727","Claim":"http://wso2.org/claims/userid"} Outcome=Failure Error={"Error Message":"Un-expected error while getting user list, Error occurred while getting user list from property : scimId & value : d939fee0-7cc5-11ea-ad7e-42010af00727 & profile name : null","Error Code":"34003"}
on the screen it then shows
Error while loading user profile metadata
Steps:
Go into the carbon console and click on the user to get it to show the profile. This only happens when I add the claim Role to the default claims; if I take it out it no longer shows. It happens for every user including the admin default account.
The user store is a jdbc Mysql store
showing the list is fine
external AD users show fine as well from our secondary store
upgraded from wso2 identity 5.4.1 to 5.10.0
Update:
This only happens when I have the secondary user store of Active Directory configured and, of course, the role claim supported by default. If I take the Active Directory secondary user store out then it works fine.
This error shows up as well in debug; we do not have anything like that Active Directory configured though.
[2020-04-18 13:45:03,377] [] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Error occurred while getting user list from property : scimId & value : 25b4eba5-ca42-4af6-a0ff-f93fc9bef201 & profile name : null javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: AuthLite.Masonite.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]]
While I am trying to authenticate so that I can use Wso2 either through the panel or through API call I get this error:
ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin}
- System error while Authenticating/Authorizing User :
org.wso2.carbon.user.core.UserStoreException: org.wso2.carbon.user.core.UserStoreException:
Mapped attribute cannot be found for claim :
urn:ietf:params:scim:schemas:core:2.0:User:active in user store : PRIMARY
I don't want to add an additional field at my user store just for this. Is it possible to change authentication so that it does not look for urn:ietf:params:scim:schemas:core:2.0:User:active in the user store?
I'm assuming you cannot log in to the management console at all, even as the admin user. Can you provide the following info?
What's the user store type (LDAP, JDBC, AD)? Is it a read-only user store?
In the documentation there are 2 methods for configuring claims under the Configure claim dialects section. Which method did you use?
We have done WSO2 IS configurations with multiple LDAPs with multiple clients successfully before. This time with a new client we are getting an error as shown in the image: "Error occured while getting all user claims for ... in carbon.super".
The case is we have created a service and mapped custom claims to map to LDAP. The issue is with a field mapped with the http://wso2.org/claims/role attribute. If we remove this attribute from the custom claims the error goes away.
But we are using roles in business logic (internal roles created in WSO2), which we get as null in case we remove this attribute.
We want to know the solution. Is there some change required on the LDAP side? Or how can we get the roles without mapping them as a claim with LDAP?
When I try to log into the Store with the Admin account, it displays the following message:
No Privileges to login
You do not have permission to login to this application. Please contact your administrator and request permission.
I have checked and made sure the Admin account does indeed have the permissions it needs to log into the Store. I even created a new account and gave it all permissions, and it won't allow that account to log in either.
I even went as far as to dig into the database itself through MySQL, and best I can tell the proper permissions are there.
The last time this happened to me, I ended up unzipping a fresh copy of the EMM product and creating a brand new database for it because I couldn't figure out a solution. I tried unzipping a fresh copy of the EMM product, but running on the same database, it had no change in behavior. I have a database full of data I don't want to lose now, so I'd much rather find a fix than have to wipe it all out again!
WSo2 EMM 2.0.0
Windows Server 2012 R2
MySQL 5.5
EDIT: relevant logs:
TID: [-1234] [] [2016-03-25 05:21:19,862] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'admin[-1234]' at [2016-03-25 05:21:19,862-0500]
TID: [-1234] [] [2016-03-25 05:21:19,862] WARN {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} - Illegal access attempt at [2016-03-25 05:21:19,0862] from IP address 10.200.201.108 while trying to authenticate access to service RemoteAuthorizationManagerService
TID: [-1234] [] [2016-03-25 05:21:19,909] WARN {JAGGERY.controllers.acs:jag} - User admin#carbon.super does not have permission to access the store application. Make sure the user has the store role.
I figured it out!
The issue is specifically triggered by changing the password on the admin account to anything but "admin". Changing it back appears to rectify the issue.
Obviously this is a bug, as the admin account should be able to have its password changed and still be able to log into the Store. To be clear, there was never any issue logging into the Publisher; just the Store. Additionally, if the admin password was changed, no accounts could log into the Store at all, regardless of their permissions level.
I tested this with a fresh EMM pack, version 2.0.0 and 2.0.1, using the H2 and MySQL 5.5. In all cases the issue occurred.
A bug report has been filed on WSo2's JIRA board here.
Are there any configuration changes on your side? I got an EMM 2.0.0 fresh pack and configured MySQL 5.5. I tried to log in to the EMM store but it is working properly.
This issue is raised once we try to change the password from the EMM console. But we can change the admin password from /repository/conf/user-mgt.xml
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
and the admin credentials in /repository/conf/app-manager.xml.
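A small audit of the `<AdminUser>` block shown above, added here as an example and not taken from the answer or from WSO2: it flags an admin password that is empty, still `admin`, or equal to the user name. The wrapper elements in the sample, the replacement password and the function name `audit_admin_user` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed user-mgt.xml excerpt; only the <AdminUser> block comes from the
# page, the wrapper elements around it are assumed for the sample.
SAMPLE_DEFAULT = """<UserManager><Realm><Configuration>
  <AdminUser>
    <UserName>admin</UserName>
    <Password>admin</Password>
  </AdminUser>
</Configuration></Realm></UserManager>"""

# Same file after the password was changed (constructed value).
SAMPLE_CHANGED = SAMPLE_DEFAULT.replace(
    "<Password>admin<", "<Password>S0me-Long-Constructed-Value<")


def audit_admin_user(xml_text, default_password="admin"):
    """Return a list of findings for the <AdminUser> block of user-mgt.xml."""
    root = ET.fromstring(xml_text)
    admin = root if root.tag == "AdminUser" else root.find(".//AdminUser")
    if admin is None:
        return ["no <AdminUser> element found"]
    user = (admin.findtext("UserName") or "").strip()
    password = (admin.findtext("Password") or "").strip()
    findings = []
    if not password:
        findings.append("admin password is empty")
    elif password == default_password:
        findings.append(f"admin user '{user}' still has the shipped password")
    elif password.lower() == user.lower():
        findings.append(f"admin user '{user}' uses the user name as password")
    return findings


if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("changed", SAMPLE_CHANGED)):
        print(name, audit_admin_user(sample) or "ok")
```

Per the answer above, a changed value has to be entered in app-manager.xml as well, so run the check after both files have been updated.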